14 install role

markuman.nextcloud.nextcloud

| Collection Version | Supported OS | Nextcloud Version | EOL     |
|--------------------|--------------|-------------------|---------|
| 9                  | Ubuntu 20.04 | 23                | 2022.12 |
| 10                 | Ubuntu 22.04 | >= 24             | TBA     |

This Ansible installation role currently supports only Ubuntu 20.04 LTS.
Furthermore, it depends on the Ansible devsec.hardening collection, which is applied to:

  • ssh
  • os
  • mariadb

And it does even more:

  • sets up ufw
  • sets up Let's Encrypt with TLSv1.3 in caddy
  • configures smooth preview settings for the Nextcloud gallery app and preview generator
  • installs and enables brute-force protection out of the box
  • sets up Nextcloud Talk with coturn

out of scope

This role does not cover

  • Other distributions
  • apache, nginx
  • postgres

requirements

  • ansible >= 2.9.10
  • devsec.hardening collection

hardware recommendations

In principle, 1 core and 512 MB of memory are enough to serve a Nextcloud instance, though whether that is sufficient depends heavily on usage.
That may also be enough for this installation role. However, the recommendations for this role are at least:

  • >= 1 Core
  • >= 2 GB Memory

...the more the better ;)

example

---
- hosts: my.cloud.tld
  become: yes

  vars:
    ubuntu_nextcloud_user: some_ssh_user
    ubuntu_nextcloud_user_ssh_key_location: https://github.com/markuman.keys
    
    nextcloud_fqdn: "{{ inventory_hostname }}"
    lets_encrypt_mail: my@cloud.tdl
    
    mariadb_root_password: some_random_mysql_root_pws
    nextcloud_db_password: some_random_nextcloud_database_password
    
    nextcloud_admin_user: admin
    nextcloud_admin_password: some_strong_password

  roles:
    - markuman.nextcloud.nextcloud

settings based on usage

Some settings need to be adjusted or increased, based on the usage and resources of your Nextcloud.

# /etc/php/7.4/fpm/pool.d/www.conf
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

# /etc/php/7.4/fpm/php.ini
opcache.interned_strings_buffer=16

# /etc/mysql/mariadb.conf.d/50-server.cnf
innodb_buffer_pool_size = 512M

However, you can start with the role's defaults and increase them over time if necessary.

Summary

Firewall Settings

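| Direction | Port                 |
|-----------|----------------------|
| IN        | 22 (SSH Rate Limit)  |
| IN        | 80 (HTTP)            |
| IN        | 443 (HTTPS)          |
| OUT       | 22 (SSH)             |
| OUT       | 53 (DNS)             |
| OUT       | 123 (NTP)            |
| OUT       | 80 (HTTP)            |
| OUT       | 443 (HTTPS)          |
| OUT       | 465 (TLS SMTP)       |
| OUT       | 993 (TLS IMAP)       |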
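
To check that a deployed host still matches the table above, the following added example (not part of the role or its collection) compares the output of `ufw status verbose` with the documented ports. It assumes the verbose rule format ("ALLOW IN", "LIMIT IN", "ALLOW OUT"), ignores the protocol because the table does not state one, and uses a constructed sample; the names EXPECTED, RULE, audit and SAMPLE are hypothetical.

```python
import re

# Expected policy, transcribed from the "Firewall Settings" table on this page.
EXPECTED = {("IN", 22): "LIMIT", ("IN", 80): "ALLOW", ("IN", 443): "ALLOW"}
EXPECTED.update({("OUT", p): "ALLOW" for p in (22, 53, 123, 80, 443, 465, 993)})
RULE = re.compile(r"^(\d+)(?:/(?:tcp|udp))?(?: \(v6\))?\s+(ALLOW|LIMIT|DENY|REJECT)\s+(IN|OUT)\b")

def audit(status_text):
    """Compare `ufw status verbose` output with EXPECTED and return the drift found."""
    lines = status_text.splitlines()
    report = {"active": any(ln.strip() == "Status: active" for ln in lines),
              "missing": [], "unexpected": [], "wrong_action": [], "unparsed": []}
    seen, in_rules = {}, False
    for line in lines:
        line = line.strip()
        if line.startswith("--"):
            in_rules = True  # rule rows follow the header separator
        elif in_rules and line:
            m = RULE.match(line)
            if not m:
                report["unparsed"].append(line)  # app profiles, ranges: review by hand
            elif m.group(2) in ("ALLOW", "LIMIT"):  # DENY/REJECT open nothing
                seen.setdefault((m.group(3), int(m.group(1))), set()).add(m.group(2))
    for key, action in EXPECTED.items():
        if seen.get(key) != {action}:
            report["missing" if key not in seen else "wrong_action"].append(key)
    report["unexpected"] = sorted(k for k in seen if k not in EXPECTED)
    report["ok"] = report["active"] and not any(
        report[k] for k in ("missing", "unexpected", "wrong_action", "unparsed"))
    return report

# Constructed sample, not from a real host: 22/IN not rate limited, 993/OUT missing, 8080/IN extra.
SAMPLE = """\
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
123/udp                    ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
465/tcp                    ALLOW OUT   Anywhere
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows the pattern cannot parse are reported under "unparsed" and make the audit fail, so an application profile or port range is never silently accepted.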

Role Variables

| Variable Name                          | Required | Default Value |
|----------------------------------------|----------|---------------|
| ubuntu_nextcloud_user                  | yes      |               |
| ubuntu_nextcloud_user_ssh_key_location | yes      |               |
| nextcloud_fqdn                         | yes      |               |
| install_talk                           | no       | yes           |
| lets_encrypt_mail                      | yes      |               |
| mariadb_root_password                  | yes      |               |
| nextcloud_db_password                  | yes      |               |
| nextcloud_admin_user                   | yes      |               |
| nextcloud_admin_password               | yes      |               |
| php_fpm.max_children                   | no       | 120           |
| php_fpm.start_servers                  | no       | 12            |
| php_fpm.min_spare_servers              | no       | 6             |
| php_fpm.max_spare_servers              | no       | 18            |
| opcache.interned_strings_buffer        | no       | 16            |
| innodb_buffer_pool_size                | no       | 512M          |